----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72674/#review221203 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On July 13, 2020, 9:58 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72674/ > ----------------------------------------------------------- > > (Updated July 13, 2020, 9:58 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and > Velmurugan Periasamy. > > > Bugs: RANGER-2858 > https://issues.apache.org/jira/browse/RANGER-2858 > > > Repository: ranger > > > Description > ------- > > Permission is granted for 'any' access for a non-empty resource if any > policy in any security zone allows permission. Only the policies in the > security zone for the accessed resource should be considered for > authorization in such scenario. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > dbdb78048 > > > Diff: https://reviews.apache.org/r/72674/diff/1/ > > > Testing > ------- > > Tested for hive service, by exercising 'use <database>' command using > beeline. Verified that only the policies in the security zone which contains > resource <database> are evaluated for access. > > > Thanks, > > Abhay Kulkarni > >
